Bluetooth Pentesting?

From: steven@lovebug.org
Date: Mon Aug 21 2006 - 16:06:28 EDT


Greetings,

Does anyone on this list do bluetooth pentesting? I have read tons of old
posts and found plenty of tools to do a few different things. However, I
do not find any of it to be overly useful. Most of the tools out there
seem to be aimed at certain cell phones or are very specific. I am trying
to find out what the risks are of all kinds of devices. I have found
btscanner to be pretty good at detecting devices but it doesn't do too
much other than detect it. I can scan and pickup 150+ devices and the
Vulnerable to: section is always the same.. blank. Are all the bluetooth
devices I find so super secure? I pick up cars, phones, PDAs, computers,
keyboards, etc. Are there really no risks with these devices?

Is there a better/good tool out there that can really find various
bluetooth devices and tell me what -real- risks might be associated with
them -- on top of that.. is there a good tool for trying to pull data or
use these devices? Example: a dell or mac laptop has bluetooth on, or a
Treo with it on.. what are the possible risks? What tools can actually
test if authentication is required for connecting with these devices.. or
whether I can bruteforce it or connect at all?

Any suggestions would be greatly appreciate and I am really trying to do
something more than just "detect" bluetooth devices. I need to know if
there are risks here.

Thanks

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:46 EDT